d6902a6f3071bc79dcaecbd1bec8c0bd

Sharing

Copy URL Twitter E-mail

General

Target

d6902a6f3071bc79dcaecbd1bec8c0bd
Size

536KB
MD5

d6902a6f3071bc79dcaecbd1bec8c0bd
SHA1

a76aea23277e5730e437b9b4fde4bd73cd7bd8eb
SHA256

0ec96a3cc05a20fd4fb7c6e8379b948d56363dcb77419da199eab2caa6059f40
SHA512

b5a85e1f184b2fb198b57f56513e283d07419d26df245f13a68a59627d93374c1c3100b369de73ce73c8894d278b02ff4fbdc878807fa6345135fc615340a489
SSDEEP

6144:FGVZ3FlxDerfdPKN3yOOdtTBZ8p+uF/sb75qGBahhCcEl40m6IpyipfBaJ8R6Xj1:FYVHDeJPcODBKX9sA4K3kx9i5B/6Xai

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6902a6f3071bc79dcaecbd1bec8c0bd

Files

d6902a6f3071bc79dcaecbd1bec8c0bd
.exe windows:4 windows x86 arch:x86

df7d9e11d3d4c873cf39e077845c8d8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\qosjfedscv\jqoolqs.pdb

Imports

comdlg32

GetSaveFileNameA
ReplaceTextW

user32

EnumDisplaySettingsExA
IsIconic
OemKeyScan
GetGUIThreadInfo
ValidateRect
DrawTextA
GetClipCursor
DdeSetUserHandle
CopyAcceleratorTableA
SetUserObjectInformationA
SetScrollRange
ShowWindow
SetMessageQueue
ChangeDisplaySettingsExW
RedrawWindow
RegisterClassA
DlgDirSelectExW
ValidateRgn
GetWindowRect
InsertMenuItemA
SetMenuContextHelpId
DdeCreateStringHandleW
DrawFrame
CreateIconFromResource
LoadBitmapA
SubtractRect
RegisterClassExA
DestroyIcon
DefWindowProcW
GetSysColorBrush
IsCharUpperW
GetFocus
UnregisterClassW
DdeConnect
FrameRect
DefFrameProcA
SetParent
MessageBoxA
SwitchToThisWindow
DrawStateA
GetSubMenu
CharPrevA
DdeGetLastError
ReleaseDC
GetTopWindow
GetDoubleClickTime
SendDlgItemMessageW
CharUpperA
CallMsgFilterW
ReleaseCapture
DispatchMessageW
IsZoomed
GetOpenClipboardWindow
OemToCharBuffW
DestroyWindow
SetUserObjectSecurity
ToAsciiEx
SetDlgItemTextW
BroadcastSystemMessageW
CharToOemBuffW
BlockInput
MoveWindow
EnumDisplaySettingsExW
RegisterWindowMessageW
GetMenuItemID
UnhookWindowsHook
FlashWindow
OpenClipboard
GetMonitorInfoW
DrawFocusRect
CharLowerW
DdeQueryConvInfo
AdjustWindowRectEx
GetCaretPos
DdeInitializeA
BroadcastSystemMessage
IsCharLowerA
SetMenuInfo
GrayStringA
DdeAccessData
DrawMenuBar
InsertMenuA
CreateAcceleratorTableA
InvalidateRect
DefMDIChildProcA
GetKBCodePage
IsWindowEnabled
SetShellWindow
LoadKeyboardLayoutA
OemToCharBuffA
CallNextHookEx
SetPropW
GetClipboardOwner
GetKeyboardLayoutNameA
MonitorFromPoint
AnyPopup
CreateWindowExA

comctl32

ImageList_Read
GetEffectiveClientRect
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

gdi32

GetGlyphOutlineW
GetMetaRgn
GetDeviceCaps
EndPage
DeleteDC
SetColorAdjustment
DeleteObject
Escape
CreateDCA
GetDIBits
InvertRgn
ExtFloodFill
GetPaletteEntries
GetObjectA

advapi32

RegSaveKeyW
RegSetValueExW
LogonUserA
CryptEnumProvidersW
CryptEnumProvidersA
CryptDecrypt
StartServiceA
CryptEnumProviderTypesW
CryptSetProviderW
AbortSystemShutdownW
RegRestoreKeyA
RegDeleteValueA
CryptAcquireContextW
RegEnumKeyExW

kernel32

CreateFileMappingA
VirtualFree
GetNumberFormatW
RtlFillMemory
TlsSetValue
AllocConsole
EnumSystemLocalesA
CreateMutexW
FileTimeToDosDateTime
SetSystemTime
GetExitCodeThread
VirtualAlloc
SuspendThread
DebugBreak
EnterCriticalSection
SetLocaleInfoW
CreateMutexA
EnumCalendarInfoW
GetFullPathNameW
HeapFree
LeaveCriticalSection
lstrcat
OpenMutexW
ExpandEnvironmentStringsW
GetEnvironmentStringsW
EnumDateFormatsA
GetCommandLineA
InitializeCriticalSection
HeapDestroy
SetStdHandle
SetTimeZoneInformation
LoadLibraryA
GetStdHandle
FreeLibraryAndExitThread
GetTimeZoneInformation
LoadLibraryW
UnhandledExceptionFilter
WriteFile
TlsFree
GetCurrentProcessId
QueryPerformanceCounter
TlsGetValue
GetStringTypeW
SetLastError
GetCommandLineW
HeapLock
GetModuleFileNameA
GetTimeFormatA
FlushFileBuffers
GetLocalTime
CreatePipe
GetSystemTimeAsFileTime
GetStartupInfoA
GetFileType
TerminateProcess
OpenMutexA
InterlockedExchange
VirtualQuery
GetTimeFormatW
GetStartupInfoW
VirtualQueryEx
LocalAlloc
TlsAlloc
InterlockedDecrement
LocalSize
OpenEventA
GetVersion
WideCharToMultiByte
DeleteAtom
LCMapStringW
HeapAlloc
GetConsoleCursorInfo
GetModuleHandleA
HeapCreate
GetTickCount
DeleteCriticalSection
HeapReAlloc
RtlUnwind
CompareStringA
lstrcmpiW
GetCurrentProcess
SetHandleCount
FormatMessageW
FormatMessageA
GetCurrentThreadId
IsBadWritePtr
LCMapStringA
DeleteFileW
ReadFile
ExitProcess
GetCurrentThread
SetEnvironmentVariableA
EnumTimeFormatsA
MultiByteToWideChar
GetLastError
IsValidCodePage
CreateThread
FreeEnvironmentStringsA
InterlockedIncrement
CloseHandle
SetFilePointer
lstrlenW
GetCPInfo
MapViewOfFileEx
SetPriorityClass
GetModuleFileNameW
lstrlenA
GetComputerNameA
LoadResource
SetConsoleCursorPosition
GetProcAddress
GetWindowsDirectoryW
GetAtomNameA
GetStringTypeA
FileTimeToLocalFileTime
VirtualProtectEx
FreeEnvironmentStringsW
GetSystemTime
GetEnvironmentStrings
CompareStringW

wininet

InternetTimeFromSystemTimeA

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df7d9e11d3d4c873cf39e077845c8d8c

Headers

File Characteristics

PDB Paths

Imports

comdlg32

user32

comctl32

gdi32

advapi32

kernel32

wininet

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 256KB - Virtual size: 252KB

.data Size: 108KB - Virtual size: 126KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 256KB - Virtual size: 252KB

.data
Size: 108KB - Virtual size: 126KB

.rsrc
Size: 16KB - Virtual size: 14KB